Identity theft: Passwords

Everyone hates passwords. They are inconvenient, annoying and time-consuming. Why do we have to use them and why do they have to be so hard?

I don’t know if I will be able to convince you in a few paragraphs that passwords are your friends. However, the practical answer is that they keep bad guys out of your stuff. They’re like the door locks on your house. They may not protect against someone who is determined to get in, but most of the time they make it inconvenient enough that people leave that house alone and move on to an easier target.

I have been thinking about this analogy between door locks and passwords for a few weeks now because I am remodeling a house and changing all the door locks. Upstairs, where there is a window in the actual door, I put in a lock that requires a key on both sides. On the basement door, where there is no window in the door, I used a simpler lock. Why the difference? Because when there is just a pane of glass between the robber and the door lock, you have no security. Is it inconvenient? Yes. And you have to have a backup plan so that someone can’t get accidentally locked inside the house. Is it worth it? I think so.

One needs to think of passwords that way. Your password for “Words with Friends” does not have to be very secure, but the one that you use for your bank definitely needs to be. So with that analogy in mind let’s talk a little bit about using passwords.

  1. Never use the same password twice. I know, I know! But before you stop reading, just stay with me and I will show you how this is quite possible to do.

The reason one never wants to use the same password twice is quite obvious. A few years ago Yahoo published a survey that reported most people use the same password for everything they do and most people use the same 100 passwords. So even if I don’t find a sticky note on your computer monitor, it does not take long to go through the most likely ones until I find yours. Then I will try that password everywhere to see what else I can get into. If I’m lucky enough to get one password from you then I will have access to everything.

  2. Use strong passwords with upper and lowercase letters and punctuation. If you simply use words with lowercase letters, then there are only 26 letters to work with and the possibilities are pretty small. If you use upper and lowercase you have double the possibilities. If you use punctuation as well as upper and lowercase you have tripled the possibilities. And each character you add to a password doubles the difficulty of cracking it.
  3. Use an especially complex password for your email address. This one may not seem obvious but let me tell you how an attacker can use your email address to get into your bank account. The attacker gets your email password and using that he or she tries to log in to your bank account. When the attacker cannot get into your bank account he or she simply hits the button that says “lost password.” The bank will send out a password reset link. Guess where they will send it? Your email address.
  4. Password protect your phone and computer and set them to lock whenever you haven’t used them for a few minutes. This way if someone steals your phone or laptop they will not have access to your information (that is not 100% true, but I am not teaching a hacking course here).
  5. Never give your password to anyone. This one sounds like a no-brainer but it happens all the time. Bad guys will either call you and claim to be the bank or they will send you an email and claim to be the bank or they will ask you to go to the website and claim to be the bank. It doesn’t take much to convince you that you need to log in but when you do you have given away your password. I have mentioned this before, but any time you are contacted by anyone who wants your information ask them where they are, look up the number yourself and call them back. If they want you to visit a website don’t click on a link, look up the website yourself. looks a lot like on a  handheld device.
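
The rules above about reuse, the most common passwords, and character variety can be checked mechanically. The Python below is an added example, not part of the original post: it audits a set of passwords for those three problems and measures brute-force search space as password length times log2 of the alphabet size in use. The common-password set, the 60-bit threshold and the sample vault are constructed assumptions.

```python
import math
import string
from collections import defaultdict

# Constructed stand-in for a "most common passwords" list; a real audit
# would load a published list instead.
COMMON = {"123456", "password", "qwerty", "letmein", "abc123"}

# Character classes a password can draw from (26 + 26 + 10 + 32 symbols).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_space_bits(password):
    """Bits of brute-force work: length * log2(size of the alphabet in use)."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(c in cls for c in password))
    return round(len(password) * math.log2(alphabet), 1) if alphabet else 0.0

def audit(vault, min_bits=60):
    """Return {site: [findings]} for a {site: password} mapping.

    min_bits is an assumed threshold chosen for this example.
    """
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
    findings = {}
    for site, pw in vault.items():
        issues = []
        if len(sites_by_password[pw]) > 1:
            issues.append("reused")            # rule 1: one password, one site
        if pw.lower() in COMMON:
            issues.append("common")            # on the list attackers try first
        if search_space_bits(pw) < min_bits:
            issues.append("small search space")  # rule 2: too short or too plain
        if issues:
            findings[site] = issues
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {"game": "password", "forum": "password",
          "bank": "Tr4il-Mix!Canoe_82", "email": "sunflower"}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE).items():
        print(site, search_space_bits(SAMPLE[site]), issues)
```
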

If I have convinced you that you need to have a better password plan here are a few ways to do it:

LastPass is a free app that works on all platforms (iPhone, Mac, Windows, Android, Linux) and it will actually create a completely random password and remember where you used it. You only need to remember your “last pass” to open the program.

If you don’t want to trust your security to an outsider then you can create your own complex passwords. One method is to use a series of numbers interspersed around the name of the website that you are going to. So if you are going to Ebay the password might be E1b2a3y45. Amazon might be A1m2a3z4o5n6. This makes it easy to create your password and always remember how you got it.

There are many methods for creating passwords that are unique and hard to crack. If you google “create complex passwords” you will find many more. The important thing is to make sure it is a system that works for you.

Suggestion for the week: Sit down with a piece of paper and come up with a system that would allow you to create a different password for everything you do and that would be easy for you to remember without writing it down. That is your system. And let me know what you come up with so that I can share your ideas with others.
